CLAIMS 

We claim: 

1. In a rights management system for protecting messages from 
unauthorized access, a method of providing an entity the ability to enforce conditions 
under which the entity's message server will accept messages, the method comprising 
acts of: 

receiving data including a message with a protected portion, a publishing license 
and a message server use license, the protected portion of the message controlled by a 
rights management server, the publishing license defining one or more principals' rights 
to the protected portion of the message, and the message server use license an encrypted 
key that corresponds to an entity's message server; 

using the message server use license to access the protected portion of the 
message for performing operations on the protected portion in accordance with message 
policies defined by the entity; and 

making the message and the publishing license available to the one or more 
principals when the protected portion of the message conforms to the message policies 
defined by the entity. 

2. The method of claim 1, wherein the message policies are chosen from 
one or more of an anti-virus scanning, an anti-spam scanning and search term indexing. 



- Page 32 - 



Docket No. 13768.502 



3. The method of claim 2, wherein the protected portion of the message is 
at least one of a protected contact, protected document, protected attachment, protected 
calendar item or protected meeting request. 

4. The method of claim 2, wherein the operations are performed by a 
sending entity's server before sending the message and the publishing license to a 
partner entity. 

5. The method of claim 2, wherein the operations are peiformed by a 
partner entity's server when receiving the message from a sending entity. 

6. The method of claim 5, wherein the message server use license includes 
the rights available to the partner entity's server. 



7. The method of claim 5, further comprising the acts of: 
receiving the sending entity's message policy, which defines the type of 
operations that the partner entity can perform on the protected portion of the message; 



w 

O § a. = receiving the partner entity's message policy, which defines the type of 

>^ o < P ^ i operations that are to be performed on the message before the partner entity's message 

^2; ^ CO < £ c 

3 2 § g 12 2 server can accept the message; 

2 s S comparing the sending entity's message policy with the partner entity's message 

O ^ 

policy; and 

based on the comparison, determining if the policies are compatible before 
accepting the message and the publishing license from the sending entity. 
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8. The method of claim 7, wherein the partner entity receives the sending 
entity's message policies from a directory service. 

9. The method of claim 8, wherein the format of the received sending 
entity's message poHcies is XrML. 

10. The method of claim 8, wherein the directory services is one of a DNS, 
Active Directory, LDAP, XKMS, or UDDI. 

11. The method of claim 7, wherein the sending entity receives the partner 
entity's message policies from the partner entity over a SMTP connection. 

12. The method of claim 1, wherein the one or more principals are a process, 
user, machine, server or client. 
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13. In a rights management system for protecting message from 
unauthorized access, a method of providing an entity the ability to enforce conditions 
under which the entity's message server will accept messages by generating a message 
server use license, the method comprising acts of: 

receiving a request for a message server use license that identifies an entity's 
message server; 

receiving a key that allows access to a protected portion of a message controlled 

by a rights management server; 

encrypting the key to correspond with the entity's message server; and 
generating a message server use license that includes the encrypted key for 

allowing the entity's message server access to the protected portion of the message 

when performing operations on the message in accordance with message policies 

defined by the entity. 



14. The method of claim 13, wherein the message policies are chosen from 
one or more of an anti-virus scanning, an anti-spam scanning and search term indexing. 

g a; 5 15, The method of claim 14, wherein the protected portion of the message is 
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16. The method of claim 14, wherein the request is made by a sending 
entity's message server. 
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17. The method of claim 16, wherein the entity is the sending entity. 



18. The method of claim 16, wherein the entity is a partner entity, which the 
sending entity's server sends the message and a publishing license to, the publishing 
license defining one or more principals' rights to the protected portion of the message, 
and the request for the message server use license includes a digital certificate issued to 
the partner entity for identifying the partner entity's server. 

19. The method of claim 18, wherein the one or more principals are a 
process, user, machine, server or client. 
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20. At a sending entity's message server within a rights management system 
for protecting message from unauthorized access, a computer program product 
comprising one or more computer readable media carrying computer executable 
instructions that implement a method of providing an entity the ability to enforce 
conditions under which the entity's message server will accept messages, the method 
comprising acts of: 

receiving a message with a protected portion being controlled by a rights 
management server; 

receiving a publishing license that includes rights available to one or more 
intended principals, the rights controlling the type of operations that can be performed 
on the protected portion of the message; 

receiving message policies defined by an entity, which specify operations that 
are to be performed the message; 

requesting a message server use license to allow the entity's message server 
access to the protected portion of the message; 

receiving the requested message server use license, the requested message server 
use license including an encrypted key that corresponds to the entity's message server; 



>^ o < e ^ D making the message, publishing license and message server use license available 

5iioH^ to the entity's message server such that the entity's message server can enforce the 



message policies defined by the entity. 
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21. The computer program product of claim 20, wherein the message 
policies are chosen from one or more of a anti-virus scanning, an anti-spam scanning 
and search term indexing. 

22. The computer program product of claim 21, wherein the protected 
portion of the message is at least one of a protected contact, protected document, 
protected attachment, protected calendar item or protected meeting request. 

23. The computer program product of claim 21, wherein the operations are 
performed by the sending entity's server before sending the message and the publishing 
license to a partner entity. 

24. The computer program product of claim 23, further comprising the acts 

of: 

receiving the sending entity's message policy, which defines the type of 
operations that the partner entity is allowed to performed on the protected portion of the 
message; 

receiving the partner entity's message policy, which defines the type of 
operations that are to be performed on the message before the partner entity's message 
server can accept the message; 

comparing the sending entity's message policy with the partner entity's message 
policy; and 

based on the comparison, determining if the policies are compatible before 
sending the message and the publishing license to the partner entity. 
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25. The computer program product of claim 24, wherein the sending entity 
receives the partner entity's message policies from a directory service. 

26. The computer program product of claim 25, wherein the format of the 
received partner entity's message policies is XrML. 

27. The computer program product of claim 25, wherein the directory 
services is one of a DNS, Active Directory, LDAP, XKMS, or UDDL 

28. The computer program product of claim 24, wherein the sending entity 
receives the partner entity's message policies from the partner entity over a SMTP 
connection. 

29. The computer program product of claim 22, wherein the operations are 
performed by a partner entity's server when receiving the message from the sending 
entity. 

30. The computer program product of claim 23, wherein the one or more 
intended principals are a process, user, machine, server or client. 
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31. In a rights management system for protecting messages transferred 
between two trusted entities from unauthorized access, a method of determining if the 
messages can be transferred based on each others message policies, the method 
comprising acts of: 

receiving a sending entity's message policy, which defines the type of 
operations that a partner entity is allowed to perform on a protected portion of a 
message; 

receiving the partner entity's message policy, which defines the type of 
operations that are to be performed on the message before the partner entity's message 
server can accept the message; 

comparing the sending entity's message policy with the partner entity's message 
policy; and 

based on the comparison, determining if the policies are compatible for 
transferring the message between the sending and partner entities' message servers. 

32. The method of claim 31, wherein the message policies are chosen from 
one or more of an anti-virus scanning, an anti-spam scanning and search term indexing. 

33. The method of claim 32, wherein the policies are received and compared 
at the sending entity's server for determining if the message should be transferred from 
the sending entity's server to the partner entity's message sever. 
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34. The method of claim 32, wherein the policies are received and compared 
at the partner entity* s server for determining if the message should be accepted when 
transferred from the sending entity's server to the partner entity's message sever. 

35. The method of claim 32, wherein the sending entity receives the partner 
entity's message policies from a directory service. 

36. The method of claim 35, wherein the format of the received partner 
entity's message policies is XrML. 

37. The method of claim 35, wherein the directory services is one of a DNS, 
Active Directory, LDAP, XKMS, or UDDL 

38. The method of claim 32, wherein the sending entity receives the partner 
entity's message policies from the partner entity over a SMTP connection. 




- Page 41 - 



Docket No. 13768,502 



